Secure collaboration with file encryption on download
Abstract
The techniques disclosed herein enable systems to manage remote file storage systems while bolstering information security through file encryption on download and permissions labels. To achieve this, a site owner configures permissions for a network site that stores files and that enables encryption on download. Various users with file access via the permissions may then interact with the site. When a user downloads a file from the site, they receive an encrypted copy that includes a permissions label that synchronizes with the network site permissions. When a user attempts to interact with an encrypted file the permissions label is used by the system to determine whether the user is authorized to access the file. In addition, permissions that are changed at the network site can be propagated to downloaded encrypted copies. In this way, permissions can be enforced for all site files even when copies leave the network site.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A system comprising:
one or more processing units; and
a computer-readable medium having encoded thereon computer-readable instructions that when executed by the one or more processing units causes the system to:
store a file at a collaborative network site;
configure the file with one or more permissions defined by an administrative entity associated with the collaborative network site;
grant a plurality of users access to the file according to the one or more permissions;
receive a download request for the file from a computing device associated with a user of the plurality of users;
transmit an encrypted file comprising the file and a permissions label associated with the user to the computing device in response to receiving the download request;
receive, from another collaborative network site, a permissions query that includes an identification for another user requesting to download the encrypted file which has been uploaded to the other collaborative network site;
compare the identification for the other user to the one or more permissions for which the file is configured;
determine, based on the comparing, that the other user is not included in the plurality of users that have been granted access to the file; and
prevent access to the encrypted file for the other user based on the determining.
2. The system of claim 1 , wherein the encrypted file includes a publishing license comprising data defining the collaborative network site of the encrypted file, the publishing license configured to implement a synchronization between the permissions label in the encrypted file and the one or more permissions configured for the file at the collaborative network site.
3. The system of claim 1 , wherein the permissions label includes one or more of a read permission, an edit permission, or a full control permission for the user.
4. The system of claim 1 , wherein the computer-readable instructions further cause the system to:
delete the collaborative network site in response to a deletion command from the administrative entity; and
revoke access to the file for the plurality of users in response to the deletion of the collaborative network site.
5. The system of claim 1 , wherein the computer-readable instructions further cause the system to:
receive an access request from the computing device of the user to access the encrypted file, wherein the access request includes one or more permissions extracted from the permissions label included in the encrypted file previously transmitted to the computing device;
compare the one or more extracted permissions from the encrypted file to the one or more permissions configured for the file at the collaborative network site;
detect a mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site; and
restrict access to the encrypted file for the user in response to detecting the mismatch.
6. The system of claim 5 , wherein a permission update modifies the one or more permissions configured for the file at the collaborative network site, the modification of the one or more permissions configured for the file at the collaborative network site causing the mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site.
7. A computer-readable storage medium having encoded thereon, computer-readable instructions that when executed by one or more processing units cause a system to:
store a file at a collaborative network site;
configure the file with one or more permissions defined by an administrative entity associated with the collaborative network site;
grant a plurality of users access to the file according to the one or more permissions;
receive a download request for the file from a computing device associated with a user of the plurality of users;
transmit an encrypted file comprising the file and a permissions label associated with the user to the computing device in response to receiving the download request;
receive, from another collaborative network site, a permissions query that includes an identification for another user requesting to download the encrypted file which has been uploaded to the other collaborative network site;
compare the identification for the other user to the one or more permissions for which the file is configured;
determine, based on the comparing, that the other user is not included in the plurality of users that have been granted access to the file; and
prevent access to the encrypted file for the other user based on the determining.
8. The computer-readable storage medium of claim 7 , wherein the encrypted file includes a publishing license comprising data defining the collaborative network site of the encrypted file, the publishing license configured to implement a synchronization between the permissions label in the encrypted file and the one or more permissions configured for the file at the collaborative network site.
9. The computer-readable storage medium of claim 7 , wherein the permissions label includes one or more of a read permission, an edit permission, or a full control permission for the user.
10. The computer-readable storage medium of claim 7 , wherein the computer-readable instructions further cause the system to:
receive an access request from the computing device of the user to access the encrypted file, wherein the access request includes one or more permissions extracted from the permissions label included in the encrypted file previously transmitted to the computing device;
compare the one or more extracted permissions from the encrypted file to the one or more permissions configured for the file at the collaborative network site;
detect a mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site; and
restrict access to the encrypted file for the user in response to detecting the mismatch.
11. The computer-readable storage medium of claim 10 , wherein a permission update modifies the one or more permissions configured for the file at the collaborative network site, the modification of the one or more permissions configured for the file at the collaborative network site causing the mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site.
12. A method comprising:
storing a file at a collaborative network site;
configuring the file with one or more permissions defined by an administrative entity associated with the collaborative network site;
granting a plurality of users access to the file according to the one or more permissions;
receiving a download request for the file from a computing device associated with a user of the plurality of users;
transmitting an encrypted file comprising the file and a permissions label associated with the user to the computing device in response to receiving the download request;
receiving, from another collaborative network site, a permissions query that includes an identification for another user requesting to download the encrypted file which has been uploaded to the other collaborative network site;
comparing the identification for the other user to the one or more permissions for which the file is configured;
determining, based on the comparing, that the other user is not included in the plurality of users that have been granted access to the file; and
preventing access to the encrypted file for the other user based on the determining.
13. The method of claim 12 , wherein the encrypted file includes a publishing license comprising data defining the collaborative network site of the encrypted file, the publishing license configured to implement a synchronization between the permissions label in the encrypted file and the one or more permissions configured for the file at the collaborative network site.
14. The method of claim 12 , wherein the permissions label includes one or more of a read permission, an edit permission, or a full control permission for the user.
15. The method of claim 12 , further comprising:
deleting the collaborative network site in response to a deletion command from the administrative entity; and
revoking access to the file for the plurality of users in response to the deletion of the collaborative network site.
16. The method of claim 12 , further comprising:
receiving an access request from the computing device of the user to access the encrypted file, wherein the access request includes one or more permissions extracted from the permissions label included in the encrypted file previously transmitted to the computing device;
comparing the one or more extracted permissions from the encrypted file to the one or more permissions configured for the file at the collaborative network site;
detecting a mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site; and
restricting access to the encrypted file for the user in response to detecting the mismatch.
17. The method of claim 16 , wherein a permission update modifies the one or more permissions configured for the file at the collaborative network site, the modification of the one or more permissions configured for the file at the collaborative network site causing the mismatch between the one or more extracted permissions from the encrypted file and the one or more permissions configured for the file at the collaborative network site.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.